HTTP headers are included in every HTTP response from a web server. Setting the
appropriate HTTP headers can reduce the risk of man-in-the-middle and
cross-site-scripting attacks on a web application. You can also reduce
information leaks about the web application configuration - vital data that
gives a would-be attacker clues about potential vulnerabilities. Read on to
find out how to set the appropriate headers in your Perl web application.

The following headers are set:

X-Frame-Options: protect site from being loaded into an frame or iframe (specs)

Strict-Transport-Security: requester to load all content via HTTPS

Content-Security-Policy: sets a whitelist of domains from which content can be safely loaded (specs)